Well, the problem with this question is that the only possible answers are "No", or no answer at all. And the lack of answer could easily be taken to mean "Your E-mail got put in our spam folder" or "our receptionist is asleep"...

"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking,"

I really doubt the NSA is in the business of stealing bank information .

The answers aren't trustworthy unless they respond with a sworn affidavit. Otherwise there is no way of confirming if they're telling the truth. Receiving an NS Letter means that if asked you can't admit to having received an NS Letter because of the gag order, but they can definitely say they haven't gotten one if they have.

"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking,"

I really doubt the NSA is in the business of stealing bank information .

Your right. They don't have to, they probably have direct access to the banks themselves.

Reminds me of a sci fi book i read a year or so back. It talks about how NSA was one of the pioneers of the core engine behind most Anti Virus and uses it to create this huge computation machine (it was not the major plot point). I read it laughed at that time. Makes you think

"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking,"

I really doubt the NSA is in the business of stealing bank information .

It would be truly ironic if the USA anti-virus providers were forced to cooperate with the FBI/NSA under laws such as the Patriot Act, whereas non-USA anti-virus providers such as Kaspersky, Panda Security, AVG, etc were not. Thus driving Americans away from otherwise trust-able anti-virus vendors...

"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking,"

I really doubt the NSA is in the business of stealing bank information .

Reminds me of a sci fi book i read a year or so back. It talks about how NSA was one of the pioneers of the core engine behind most Anti Virus and uses it to create this huge computation machine (it was not the major plot point). I read it laughed at that time. Makes you think

"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking,"

I really doubt the NSA is in the business of stealing bank information .

You are missing the point. If they choose to ignore exploits to make it easier for NSA to snoop on users, then that also makes it easier for other adversaries who have independently crafted similar exploits to get by the antivirus software.

Edit: Alternately, if state-authored malware were to unintentionally spread beyond it's intended target, that malware could weaken the security of the computer against other adversaries.

What I'm looking forward to is the headline that the hole they left in their AV software for the NSA has caused the software to overlook a really bad virus that has now compromised the pentagon or some such nonsense.

"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking,"

I really doubt the NSA is in the business of stealing bank information .

Much the same way they're not in the business of abusing their accesses to spy on ex girlfriends? Well, that's certainly a relief.

The NSA might not be, but specific individuals within might be more than happy to lift a few.

Reminds me of a sci fi book i read a year or so back. It talks about how NSA was one of the pioneers of the core engine behind most Anti Virus and uses it to create this huge computation machine (it was not the major plot point). I read it laughed at that time. Makes you think

With a one in four detection rate of even the best AV software, they are certainly guilty of giving people a false sense of security. Whether this helps the NSA and any other criminal activity is a bit like asking if the sky is blue. It's like the firewall that lets everything from port 80 come through no questions asked.

This will be interesting. However, I only anticipate the participation of non-US based antivirus software providers.

I'm not sure that it's safe to assume than non-US AV vendors are positioned to be much more forthcoming than US-based vendors. Any requests made to them by the US government would certainly have taken a different form, but would have been made in the same spirit, and with the same intent. If the companies perceive that disclosure - answers of "yes, we received such requests, and honored them," for example - would in any way threaten their US revenue stream, why would they disclose? If you're making money, and quite a bit of it, in the US, pissing off pretty much any three-letter US government agency is probably a bad idea, no matter where you're based. A great deal of political and financial pressure can be brought to bear by the agencies and their masters. (Huawei comes to mind as an example, albeit in a different context.)

So, unless companies decide there is more to gain by disclosure than by continued concealment, the responses, if any, will mean damned near nothing. I want to admire the effort, but think it somewhat pointless. Almost disingenuous, in a way.

With a one in four detection rate of even the best AV software, they are certainly guilty of giving people a false sense of security.

Much like the comment from arcite, yours is just false and purposely hyperbolic.

Nearly all popular AVs perform above 80% across the MANY different tests that the MANY different reviewers put them through, in MANY different environments, every year. Most of those are even over 90%

I have plenty of negative things to say about many AV products, but your comment is not based on any reasonable fact and simply shows ignorance.

On the plus side, it's about the right quality, and perfectly worded for Reddit or 4chan!

Actually those are based on Google's numbers... maybe they'd know? Considering how much of the net they scour? I think you are forgetting or have no clue how easy it is to mutate a computer virus. The best protection is an up to date OS. That means running Windows 8 not 7, and definitely not XP. Same goes for IE. So you might want to go back to your regular trolling on Reddit and 4chan, and let the adult's talk. Or better yet, write an angry letter to Google.

So, unless companies decide there is more to gain by disclosure than by continued concealment, the responses, if any, will mean damned near nothing. I want to admire the effort, but think it somewhat pointless. Almost disingenuous, in a way.

In this context, failing to disclose should be considered a "yes, we comply with NSA requests."

If they don't want to provide information their consumers can use to make wise purchasing decisions, they should be categorized under the worst possible result. Don't reward non-transparency.

Does anyone expect anything other than the usual canned, non-answer answer that they've all learned from US .gov officials in past years? Can ANYTHING (OS, product, hardware, etc) be trusted these days after the bright lights have been shown on the complicitous nature of most US- and foreign-based technology companies these days?

Perhaps the ignorance of past decades was best; these days I KNOW we can't trust anyone. Backdoors in software and hardware firmware, Tor potentially compromised, TrueCrypt audit being delayed... Dunno, man.

So, unless companies decide there is more to gain by disclosure than by continued concealment, the responses, if any, will mean damned near nothing. I want to admire the effort, but think it somewhat pointless. Almost disingenuous, in a way.

In this context, failing to disclose should be considered a "yes, we comply with NSA requests."

If they don't want to provide information their consumers can use to make wise purchasing decisions, they should be categorized under the worst possible result. Don't reward non-transparency.

I see your point, and acknowledge that my logic might be seen as somewhat flawed, but I still think that any lack of responses or disclosure, will be meaningless, to an extent. Let me put it this way - if I were an non-US AV vendor and received this letter, my response might well go something like this: "No response - but perhaps not for the reasons that you so obviously wish to leap to. We know we're being baited and manipulated, and we don't appreciate it. We therefore choose not to respond, no matter how you might interpret that."

Edit: yes, I strayed from my original premise, in a way. Didn't mean to move the goal posts, there, sorry if it's taken that way. I'm just trying to think through various scenarios, and about what "no response" might really mean, and if it is really of any value.

Irony, most AV software is worse than the viruses and Trojans they're supposed to protect against.

You do you know you are not suppose to install the AV from the pop up window that says "OMG! OMG! YOU HAVE A VIRUS ON YOUR COMPUTER! CLICK HERE TO REMOVE VIRUS!" while you are browsing your "special" sites right?

"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking,"

I really doubt the NSA is in the business of stealing bank information .

I do not think that the NSA have the authority to do precisely that: force companies to create vulnerabilities in their own products in that way . You will have to review the law to see if that is possible , but i really doubt it.

"As a manufacturer of antivirus software, your company has a vital position in providing security and maintaining the trust of internet users as they engage in sensitive activities such as electronic banking,"

I really doubt the NSA is in the business of stealing bank information .

Your right. They don't have to, they probably have direct access to the banks themselves.

Sure enough; we already know that at least one other wholly unaccountable agency does (and is specifically exempted from the Right to Financial Privacy Act so that it can do so).

With a one in four detection rate of even the best AV software, they are certainly guilty of giving people a false sense of security. Whether this helps the NSA and any other criminal activity is a bit like asking if the sky is blue. It's like the firewall that lets everything from port 80 come through no questions asked.

AV software is not an impenetrable shield, but it is an important component of good security, just like locks won't keep determined people out of your house, but they stop people from just walking in. AV products update far more quickly than operating systems, and sometimes months faster than third party programs like flash and java. Security is about multiple interlocking layers of defense working together.

Even MSE, which is the friendliest, can slow things down with live scanning. Certain kinds of files and applications (videos, large content files, games, etc) need to be excluded from scans otherwise there is a noticeable performance hit with many of those AV apps.